On Sat, 27.12.14 01:38, Ivan Shapovalov ([email protected]) wrote:

> On Friday 26 December 2014 at 13:37:58, Alison Chaiken wrote:
> > On Fedora 21, I created a unit file in which I included
> > 'PrivateDevices=true'. When I attempt to start the unit from the text
> > console, the unit fails, and 'systemctl status -l' reports:
> >
> > startx[2754]: (EE) xf86OpenConsole: Cannot open /dev/tty0 (No such file or directory)
> >
> > When I take 'PrivateDevices=true' out of the unit file, it works fine.
> > The man page for systemd.exec reads
> >
> > PrivateDevices=
> > Takes a boolean argument. If true, sets up a new /dev namespace for the
> > executed processes and only adds API pseudo devices such as /dev/null,
> > /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, but
> > no physical devices such as /dev/sda.
> >
> > Isn't /dev/tty0 a pseudo TTY? Shouldn't a service that has
> > 'PrivateDevices=true' be able to access /dev/tty0? I'm willing to
> > investigate further to see if there's a bug, but want to make sure that I
> > understand the expected behavior first
>
> The TTY may be a pseudo-device, but to the kernel it's still a
> device, and it

/dev/tty0 is not a pseudo tty by the definition of "pseudo tty" on
Unix. It is an alias for the current VT, but "alias" and "pseudo" are
two different things...

> has its own dynamically created device node in /dev. So, if the unit has
> `PrivateDevices=true`, it basically gets its own /dev with only a few files
> inside, and ttys aren't among these files.
> At least, that's how I understand it. Maybe you can do an mknod from
> ExecStartPre=, if you know the major:minor (4:0 for /dev/tty0) beforehand?

This will not work. Please have a look at the documentation in
systemd.exec(5). PrivateDevices= also removes CAP_MKNOD from your
process and sets DevicePolicy=closed. This means mknod privileges are
explicitly taken away from you.

Lennart

--
Lennart Poettering, Red Hat
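
A diagnostic for the two effects described in the reply above (the missing device node and the removed CAP_MKNOD), as an added example that is not part of the original thread or of systemd. It assumes the capability removal is visible in the `CapBnd` line of `/proc/self/status`; the function names and the sample status lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Report what a service's /dev sandbox looks like from inside the unit."""
import os
import stat

CAP_MKNOD = 27  # bit number of CAP_MKNOD in <linux/capability.h>


def bounding_set_has(status_text, cap=CAP_MKNOD):
    """True if `cap` is set in the CapBnd line of /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            return bool(int(line.split()[1], 16) >> cap & 1)
    raise ValueError("no CapBnd line found")


def char_device(path):
    """Return (major, minor) if path is a character device node, else None."""
    try:
        st = os.stat(path)
    except OSError:
        return None  # node is absent from this /dev namespace
    if not stat.S_ISCHR(st.st_mode):
        return None
    return os.major(st.st_rdev), os.minor(st.st_rdev)


def report(status_text, nodes=("/dev/null", "/dev/tty0")):
    """Summarise node visibility and whether CAP_MKNOD is still available."""
    lines = []
    for node in nodes:
        dev = char_device(node)
        lines.append(f"{node}: " + ("missing" if dev is None else "%d:%d" % dev))
    lines.append("CAP_MKNOD in bounding set: "
                 + ("yes" if bounding_set_has(status_text) else "no"))
    return lines


# Constructed sample status text (not captured from a real system):
# a full bounding set, and the same set with bit 27 (CAP_MKNOD) cleared.
FULL_SET = "Name:\tstartx\nCapBnd:\t000001ffffffffff\n"
NO_MKNOD = "Name:\tstartx\nCapBnd:\t000001fff7ffffff\n"

if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print("\n".join(report(f.read())))
```

Run from `ExecStartPre=` in the unit, once with and once without `PrivateDevices=true`, the output appears in `systemctl status -l` and shows whether `/dev/tty0` exists as 4:0 and whether an mknod attempt could succeed at all.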
